Elastic security case at Elastic meetup
Using logs for Elastic Security – Sitecore –
Sitecore painted a bigger picture on their use cases of monitoring logs using Elastic security. During the demonstration, they showed that – next to the Elastic security-specific features – it is the combined strength of the whole Elastic stack that brings a secure setup for applications to the next level.
Here’s a quick overview of why you should use Elastic for your security setup.
Benefits Sitecore listed of using Elastic compared to other security products:
- Real-time alerting.
- Fast search results due to Elasticsearch.
- Being able to assign issues automatically to a person without manual input.
- The use of ILM to split data into hot/warm/cold/frozen tiers, so older logs can still be searched quickly and cost-effectively.
- Use of Elastic Watcher to detect when a log source has stopped sending data. By monitoring log throughput and setting a threshold below which too few logs are arriving, Watcher sends an alert to an admin or opens an issue.
- With Elastic SIEM, not only can the prebuilt detection rules be used, but more complex rules tailored to their specific use case can also be created.
- The use of Fleet has been positive for Sitecore, making configuration less complex and more time-efficient.
- A further goal for them is to move away from the typical analyst who continuously monitors a system towards proactive monitoring and automation, where human interaction is limited to complex or high-value activities.
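The "log source stopped" watch from the list above, written out as an added example (constructed here, not Sitecore's own configuration): every 5 minutes it counts events from one host in the last 10 minutes and fires an action when the count drops below a threshold. The index pattern, the host name `app-server-01`, the threshold of 100 events and the recipient address are assumed values; the body is sent with `PUT _watcher/watch/log-source-heartbeat`.

```json
{
  "metadata": {
    "host": "app-server-01",
    "min_events_per_10m": 100
  },
  "trigger": {
    "schedule": { "interval": "5m" }
  },
  "input": {
    "search": {
      "request": {
        "indices": ["logs-*"],
        "body": {
          "size": 0,
          "query": {
            "bool": {
              "filter": [
                { "term": { "host.name": "app-server-01" } },
                { "range": { "@timestamp": { "gte": "now-10m" } } }
              ]
            }
          }
        }
      }
    }
  },
  "condition": {
    "compare": { "ctx.payload.hits.total": { "lt": 100 } }
  },
  "throttle_period": "30m",
  "actions": {
    "log_shortfall": {
      "logging": {
        "level": "warn",
        "text": "Log source {{ctx.metadata.host}} delivered only {{ctx.payload.hits.total}} events in the last 10 minutes"
      }
    },
    "notify_admin": {
      "email": {
        "to": "soc@example.com",
        "subject": "Log source {{ctx.metadata.host}} below threshold",
        "body": "Only {{ctx.payload.hits.total}} events arrived in the last 10 minutes (threshold {{ctx.metadata.min_events_per_10m}})."
      }
    }
  }
}
```

The `email` action needs a mail account configured in `elasticsearch.yml`; the `logging` action works without extra setup and is useful for checking the watch with `_watcher/watch/log-source-heartbeat/_execute` before enabling notifications. The `throttle_period` stops the same outage from alerting every 5 minutes.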
Synthetic _source – Elastic –
In the presentation, Sitecore showed a demo of how the use of synthetic _source helps reduce storage size.
“Instead of storing source documents on disk exactly as you send them, Elasticsearch can reconstruct source content on the fly upon retrieval. Enable this by setting mode: synthetic in _source: While this on-the-fly reconstruction is generally slower than saving the source documents verbatim and loading them at query time, it saves a lot of storage space.”
This functionality is currently in technical preview (TP); it will be released as GA in the upcoming Elastic 8.5 release.
It’s always great to come together with the community of like-minded Elastic enthusiasts. The meeting with Sitecore was no different. It offered a great balance between lightheartedness and informative segments. The presentation from Sitecore gave insights into the real-life applications of Elastic Security, highlighting its versatility and interconnectivity with the rest of Elastic’s products.
After Sitecore’s presentation, we had the privilege of a sneak peek into Elastic’s new version 8.5! This version further improves the synthetic _source feature, which was introduced in 8.4.
We already saw in the current version that this feature has great potential in reducing disk space, and with the improvements in 8.5, it supports more data types, with probably more on the way in future versions.
This feature is certainly one to keep an eye out for.
We always enjoy coming to these meetings, meeting new people, and getting inspired by what our colleagues do with Elastic technologies, as well as by the Elastic team hinting at new things to come, which is always a driving factor to attend.
Obviously, the pizzas at the end contribute to the great experience. 😉